7.5

CVE-2007-3791

Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PolicydPolicyd Version1.70
PolicydPolicyd Version1.71
PolicydPolicyd Version1.72
PolicydPolicyd Version1.73
PolicydPolicyd Version1.74
PolicydPolicyd Version1.75
PolicydPolicyd Version1.76
PolicydPolicyd Version1.77
PolicydPolicyd Version1.78
PolicydPolicyd Version1.79
PolicydPolicyd Version1.80
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.21% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/38091
http://secunia.com/advisories/26021
Vendor Advisory
http://secunia.com/advisories/26649
http://sourceforge.net/project/shownotes.php?release_id=522366
http://svn.linuxrulz.org/WebSVN/diff.php?repname=Policyd&path=%2Ftrunk%2Fsockets.c&rev=4&sc=0
http://svn.linuxrulz.org/WebSVN/log.php?repname=Policyd&path=%2Fbranches%2Fv1.8x%2Fsockets.c&rev=0&sc=0&isdir=0
http://www.debian.org/security/2007/dsa-1361
http://www.securityfocus.com/bid/24899
https://exchange.xforce.ibmcloud.com/vulnerabilities/35394